[redhat-lspp] Toggle for unlabeled packets in labeled ipsec

Casey Schaufler casey at schaufler-ca.com
Wed Nov 15 00:35:49 UTC 2006


--- Joy Latten <latten at austin.ibm.com> wrote:

> I think the ability to toggle whether unlabeled packets
> will be accepted or rejected for labeled networking
> is required by lspp.
> Klaus, is that correct?

The behavior of a given packet needs to be
deterministic and defined. You don't need to
be able to change the behavior on the fly,
and if you can you'll be required to describe
why that's not a potential violation of your
access policy.

Or at least, that's what happened in the past.


Casey Schaufler
casey at schaufler-ca.com



